| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
the stuff we write to the temporary file, so don't bother writing it.
Keep track of the two sides of the TCP stream by keeping track of the
source address *and* port, so that we correctly handle connections
between two ports on the same machine.
svn path=/trunk/; revision=1712
|
|
svn path=/trunk/; revision=1274
|
|
packet, since that tells us the direction of the connection.
svn path=/trunk/; revision=1178
|
|
svn path=/trunk/; revision=1131
|
|
svn path=/trunk/; revision=1060
|
|
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
|
|
svn path=/trunk/; revision=635
|
|
- call reset_tcp_reassembly before build_follow_filter
- modify reassemble_tcp so that packet validity is
checked before processing it.
svn path=/trunk/; revision=410
|
|
string pointer from the result of ip_to_str (statically allocated string).
Use the ip_src and the new field ip_dst in follow.c to build a correct
string display filter.
svn path=/trunk/; revision=408
|
|
Added the protocol IDs for ipx and IGMP, but not their fields.
svn path=/trunk/; revision=365
|
|
but does not link. Perhaps someone who understands the MS tools can help
out. I made it link a few months ago, but with different version of glib/gtk+.
I can't remember how I made it link.
Most of the compatibility issues were resolved with adding
#ifdef HAVE_UNISTD_H the the source code. Please be sure to add this to all
future code.
svn path=/trunk/; revision=359
|
|
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
svn path=/trunk/; revision=342
|
|
(which could cause core dumps in "Follow TCP Stream") -
"check_fragments()" was, when deleting a TCP segment at the beginning of
the list of segments, setting "src[index]" to point to the next segment,
not "frags[index]". "src[index]" is the source IP address, not a
pointer to a fragment.
Also, make some routines not used outside "follow.c" static.
svn path=/trunk/; revision=341
|
|
pointer to a signed int instead of an unsigned int. In my testing the
code still worked, but it's better to do the conversion correctly.
svn path=/trunk/; revision=331
|
|
in line 198.
svn path=/trunk/; revision=328
|
|
caplen or incomplete data (avoid crashes or erroneous display).
svn path=/trunk/; revision=227
|
|
Tests for GTK versions are done during compilation, not during "./configure".
The big problems have been taken care of in this patch (functional change
in the packet clist and conversion of menu_factory to item_factory), but
plenty of smaller problems with dialogue boxes abound. I have fixed
a small problem with file_open*(), but have left 2 comments in just in case
I'm not going about this the right way. Can someone verify?
svn path=/trunk/; revision=127
|
|
warning. (We use "memcpy()" everywhere else.)
svn path=/trunk/; revision=73
|
|
* FDDI support (Laurent, Guy)
svn path=/trunk/; revision=36
|
|
generalizes the column printing code, adds a "frame" tree item to
the tree view, and fixes a bunch of miscellaneous coding bugs.
svn path=/trunk/; revision=31
|
|
svn path=/trunk/; revision=10
|
